guloader | 7bf66677d4f93167a77e217bcf72899ffdbcd62cb79688fa7e7346ac91a14678 | Triage

Sharing

General

Target

INVOICE pdf.wsf
Size

225KB
Sample

240419-tp8wyahf9t
MD5

62a9fb211e083aefa46e2a82cbef11bc
SHA1

f1e75cf66bbaf1ea3535bfe188f11d08dac775c8
SHA256

7bf66677d4f93167a77e217bcf72899ffdbcd62cb79688fa7e7346ac91a14678
SHA512

65295e73290a6357ef4dbaf2d882880101ae97fe2a6b1d7835437e9b0a3339eeb70fc6a762b58b22e9d5a9699419a2816f9d2319a2e692900dcc69687794a86a
SSDEEP

6144:rWEeg2kae621pGqbWt0JPvk+r+usYBbnPZnqtFVyNLFViFHV/O3CLfItE0Pux:nWqv6uVKUux

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  INVOICE pdf.wsf
- Size
  
  225KB
- MD5
  
  62a9fb211e083aefa46e2a82cbef11bc
- SHA1
  
  f1e75cf66bbaf1ea3535bfe188f11d08dac775c8
- SHA256
  
  7bf66677d4f93167a77e217bcf72899ffdbcd62cb79688fa7e7346ac91a14678
- SHA512
  
  65295e73290a6357ef4dbaf2d882880101ae97fe2a6b1d7835437e9b0a3339eeb70fc6a762b58b22e9d5a9699419a2816f9d2319a2e692900dcc69687794a86a
- SSDEEP
  
  6144:rWEeg2kae621pGqbWt0JPvk+r+usYBbnPZnqtFVyNLFViFHV/O3CLfItE0Pux:nWqv6uVKUux
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

guloaderdownloader

behavioral2